US9647933B1 - Port identifier management for path failover in cluster environments - Google Patents

Port identifier management for path failover in cluster environments Download PDF

Info

Publication number
US9647933B1
US9647933B1 US14/252,059 US201414252059A US9647933B1 US 9647933 B1 US9647933 B1 US 9647933B1 US 201414252059 A US201414252059 A US 201414252059A US 9647933 B1 US9647933 B1 US 9647933B1
Authority
US
United States
Prior art keywords
logical unit
cluster
node
failover
failure
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US14/252,059
Inventor
Deepak K. Tawri
Abhay K. Singh
Raghu Krishnamurthy
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Veritas Technologies LLC
Original Assignee
Veritas Technologies LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US11/731,854 priority Critical patent/US7778157B1/en
Priority to US12/856,994 priority patent/US8699322B1/en
Application filed by Veritas Technologies LLC filed Critical Veritas Technologies LLC
Priority to US14/252,059 priority patent/US9647933B1/en
Assigned to VERITAS US IP HOLDINGS LLC reassignment VERITAS US IP HOLDINGS LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SYMANTEC CORPORATION
Assigned to BANK OF AMERICA, N.A., AS COLLATERAL AGENT reassignment BANK OF AMERICA, N.A., AS COLLATERAL AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: VERITAS US IP HOLDINGS LLC
Assigned to WILMINGTON TRUST, NATIONAL ASSOCIATION, AS COLLATERAL AGENT reassignment WILMINGTON TRUST, NATIONAL ASSOCIATION, AS COLLATERAL AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: VERITAS US IP HOLDINGS LLC
Assigned to VERITAS TECHNOLOGIES LLC reassignment VERITAS TECHNOLOGIES LLC MERGER (SEE DOCUMENT FOR DETAILS). Assignors: VERITAS US IP HOLDINGS LLC
Publication of US9647933B1 publication Critical patent/US9647933B1/en
Application granted granted Critical
Application status is Active legal-status Critical
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/28Route fault recovery
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/20Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/2002Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where interconnections or communication control functionality are redundant
    • G06F11/2005Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where interconnections or communication control functionality are redundant using redundant communication controllers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L29/00Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00
    • H04L29/12Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 characterised by the data terminal
    • H04L29/12009Arrangements for addressing and naming in data networks
    • H04L29/12207Address allocation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L29/00Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00
    • H04L29/12Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 characterised by the data terminal
    • H04L29/12009Arrangements for addressing and naming in data networks
    • H04L29/12792Details
    • H04L29/1283Details about address types
    • H04L29/12839Layer 2 addresses, e.g. Medium Access Control [MAC] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements or network protocols for addressing or naming
    • H04L61/20Address allocation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements or network protocols for addressing or naming
    • H04L61/60Details
    • H04L61/6018Address types
    • H04L61/6022Layer 2 addresses, e.g. medium access control [MAC] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/10Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
    • H04L67/1097Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network for distributed storage of data in a network, e.g. network file system [NFS], transport mechanisms for storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Application independent communication protocol aspects or techniques in packet data networks
    • H04L69/40Techniques for recovering from a failure of a protocol instance or entity, e.g. failover routines, service redundancy protocols, protocol state redundancy or protocol service redirection in case of a failure or disaster recovery
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/006Identification
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/20Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/2002Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where interconnections or communication control functionality are redundant
    • G06F11/2007Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where interconnections or communication control functionality are redundant using redundant communication media

Abstract

A method includes assigning a port identifier to a first port on a node and communicating data on a first path between the first port and a logical unit on an active/passive storage array. The port identifier is registered in a persistent reservation scheme for the logical unit. The method also includes detecting a failure of the first path, de-assigning the port identifier from the first port, assigning the port identifier to a second port on the first node, and resuming communications between the node and the logical unit. One implementation of a system includes a first port configured to communicate with a storage device, a second port configured to communicate with the storage device, and an identifier management block. The identifier management block executes a failover with N_Port ID Virtualization commands that transfer a world wide port name from the first port to the second port.

Description

CROSS-REFERENCE TO RELATED APPLICATION

The present patent application is a continuation of U.S. patent application Ser. No. 12/856,994, filed on Aug. 16, 2010, entitled “Port Identifier Management for Path Failover in Cluster Environments,” which is a continuation of U.S. patent application Ser. No. 11/731,854, filed on Mar. 30, 2007, issued as U.S. Pat. No. 7,778,157 on Aug. 17, 2010, entitled “Port Identifier Management for Path Failover in Cluster Environments.” These applications are hereby incorporated by reference in their entirety and for all purposes as if completely and fully set forth herein.

FIELD OF THE INVENTION

The present invention relates to storage devices in distributed computer systems and, more particularly, to coordinating storage path failover in a clustered environment.

DESCRIPTION OF THE RELATED ART

A clustered computing system can include several host computers that process data and/or respond to requests for data. The host computers may typically be computer systems that include various software and hardware components. In various settings, the hosts may also be referred to as nodes, reflecting their participation in a networked system. The nodes may operate as a cluster in which the nodes are interconnected to share resources. The clustered nodes may be configured to share the computing load involved in various computing tasks. In support of various applications and operations, the nodes may exchange data over, for example, a network such as an enterprise-wide intranet or other local area network (LAN), or over a wide area network (WAN) such as the Internet. Additionally, the network may allow various client computer systems to communicate with the nodes. The clustered nodes may also communicate with each other and with other computing nodes over a private network that more directly links the nodes.

Distributed computing systems such as node clusters are an increasingly important part of research, governmental, and enterprise computing systems. Among the advantages of such computing systems are their ability to handle a variety of different computing scenarios including large computational problems, high volume data processing situations, and high availability (HA) situations. Such distributed computing systems typically utilize one or more storage devices in support of the computing operations performed by one or more of the nodes.

These storage devices may be quite numerous and/or heterogeneous. In an effort to aggregate such storage devices and to make such storage devices more manageable and flexible, storage virtualization techniques are often used. Storage virtualization techniques establish relationships between physical storage devices, e.g. disk drives, tape drives, optical drives, etc., and virtual or logical storage devices such as volumes, virtual disks, and logical units. A logical unit may be a disk or other storage device. (A logical unit may be referred to as a LUN. The term “LUN” is also used in various contexts to mean the logical unit number of a logical unit.) Alternatively, virtualization may be used to designate a portion of a disk or other storage device as a logical unit. Thus, in various implementations a logical unit may consist of only a portion of a physical device, such as a logical section of a single disk drive. Similarly, virtualization generally allows that multiple disks or other storage devices, or portions thereof, may be combined to form a single logical unit. In some implementations, a logical unit may therefore include multiple physical devices, e.g., several disk drives that are logically presented as a single device. The virtualization techniques typically provide system-wide features, e.g., naming, sizing, and management, better suited to the entire computing system than those features dictated by the physical characteristics of storage devices. Additionally, virtualization techniques enable and/or enhance certain computing system operations such as clustering and data backup and restoration.

The storage devices may be linked together and accessed through a storage area network (SAN). The storage devices may include components such as tape libraries, groups of disk drives (i.e., “just a bunch of disks” or “JBOD”), and storage arrays such as intelligent disk arrays. The SAN can be implemented, for example, as a high-speed network that allows the connections between the storage devices and the nodes in a cluster. The SAN may thus be shared among the nodes, and may allow for the sharing of storage devices among the nodes to provide greater availability and reliability of storage. Other geometries are also possible: shared resources may be directly connected to some or all of the nodes in the computing system, and the computing system need not include a SAN. Alternatively, the nodes may be connected to multiple SANs.

One type of storage array used in such environments is an active/passive (A/P) storage array, which generally includes at least two input/output (I/O) ports. Such a device allows for redundant connections to the various computing nodes through the multiple I/O ports. A node can be connected to an A/P storage array through two (or more) network paths. One path can be used to connect the node to one of the ports on the storage array. A second path can be used to connect the node to another one of the ports on the storage array. In various implementations, these alternate paths may be fully disjoint. In other implementations, these paths may share one or more intermediate links, intermediate resources, or terminating ports. For each logical unit on the storage array, one of the paths is designated as an active path, and is used for reading and writing data on the logical unit. The other path (or paths) is designated as a passive path, and is used as a backup path. In the event that some aspect of the active path fails, the passive path is designated as the new active path, and communication continues through this new active path until conditions allow the original active path to resume service. The process of switching among the redundant paths to a storage array in response to a failure is known as failover.

An A/P storage array may suffer significant degradation in performance if a logical unit within the storage array is accessed through both the active path and the passive path. This situation may be described as a “trespass” onto the passive path. Thus, measures need to be taken to ensure that only one of the paths—the designated active path for a logical unit—is used for communicating with that logical unit. These measures require that failovers be performed with care to avoid a situation in which a logical unit is accessed through a passive path during the failover process.

These measures generally become more involved in the cluster environment. The cluster environment imposes additional challenges to coordinating a failover, since multiple nodes may seek access to a single logical unit during the failover process. Still further, failovers in a cluster environment can be substantially complicated by the use of fencing techniques, in which the nodes are policed to prevent the separate nodes from writing to the storage array in an uncoordinated manner. During a failover, the fencing measures may generally need to be revised throughout a distributed system to assure a correct coordinated failover. This revising is generally slow and cumbersome. Thus, it would be helpful to obtain tools that allow a quicker or more streamlined failover process in a clustered environment.

SUMMARY

Described herein are systems and methods for switching communications paths in a network. One implementation of a method includes assigning a port identifier to a first port on a node in a cluster. The port identifier is registered as a permitted port identifier for communicating with a storage unit coupled to the cluster. The registering includes recording a registration key as a permitted registration key for the storage unit, with the registration key corresponding to the port identifier. Data is communicated between the first port and the storage unit through a first path that couples the first port to the storage unit. The method also includes detecting a failure of the first path, de-assigning the port identifier from the first port, assigning the port identifier to a second port on the first node, and resuming communications between the node and the storage unit. The resumed communications are carried on a second path between the second port and the storage unit. The method may also include features of coordinating the switching for several nodes in the cluster. In situations where the storage unit includes a logical unit in an active/passive (A/P) storage array, the switching may be performed in a coordinated manner to prevent communications that trespass onto passive storage controllers.

One implementation of a system includes a first port configured to communicate with a storage unit, a second port configured to communicate with the storage unit, a first memory that holds a first port identifier for the first port, a second memory that holds a second port identifier for the second port, and an identifier management block. The identifier management block is configured to respond to a failover instruction by revising the contents of the first and second memories. In one implementation, the identifier management block is configured to use N_Port ID Virtualization (NPIV) commands to include the first port identifier in the second memory.

BRIEF DESCRIPTION OF THE DRAWINGS

A more complete understanding of the present invention and advantages thereof may be acquired by referring to the following description and the accompanying drawings, in which like reference numbers indicate like features.

FIG. 1 shows an example of a computing cluster.

FIG. 2 shows an example of a response by a cluster to a path failure.

FIG. 3 shows another example of a computing cluster.

FIG. 4 illustrates a situation of a “split-brain” problem.

FIG. 5 illustrates a method for performing a single-node failover using tools to reassign port identifiers.

FIG. 6 illustrates a method for performing a cluster-wide failover using tools to reassign port identifiers.

FIG. 7 is a block diagram of one implementation of a computer system.

DETAILED DESCRIPTION OF THE EMBODIMENTS

FIG. 1 shows an example of a computing cluster 100. Cluster 100 includes two nodes 120 and 130 that process and serve data to client systems (not shown). Each of the nodes 120 and 130 is coupled to an A/P storage array 150, which holds data used by the nodes 120 and 130. Other implementations of a computing cluster may include more than two nodes, and may include more than one storage system. The connections between storage array 150 and the nodes include two paths 111 and 112 that couple node 120 to storage array 150. The connections also include two paths 113 and 114 that couple node 130 to storage array 150. Paths 111, 112, 113, and 114 are implemented in a Fibre Channel SAN 110. It is contemplated that in other implementations, other communications media may be used, such as other optical media; or coaxial, twisted pair or other transmission line media; or wireless links such as infrared or radio links.

Each of the two nodes 120 and 130 includes two host bus adapters (HBAs). In this example, each of the four HBAs is used to enable communication on one of the four paths between the nodes and the storage array. An HBA 122 provides a communications port on node 120 that connects with path 111. An HBA 123 provides a communications port on node 120 that connects with path 112. An HBA 132 provides a communications port on node 130 that connects with path 113. An HBA 133 provides a communications port on node 130 that connects with path 114.

Each of the HBAs 122, 123, 132, and 133 includes a port identifier module 101, 102, 103, and 104, respectively. The port identifier modules hold identifiers that identify the HBAs on SAN 110. For example, the port identifiers in cluster 100 are 64-bit world wide port names (WWPNs). In other implementations, a cluster may use 48-bit media access control (MAC) addresses or other indicators as port identifiers. The port identifiers are generally manufacturer-assigned numbers that serve to uniquely identify the port hardware. However, it is possible in some cases to modify the port identifier for an HBA. For example, N-Port ID Virtualization (NPIV) tools enable the modification of the WWPN employed by an HBA, and also enables multiple WWPNs to be assigned to an HBA.

In various situations, NPIV provides a Fibre Channel facility for sharing a single physical N_Port among multiple N_Port identifiers, thereby allowing multiple initiators, each with its own N_Port identifier, to share the same physical N_Port. NPIV is supported by major HBA vendors (e.g. QLogic Corp. and Emulex Corporation). NPIV may be used to provide multiple virtual HBAs through a single physical HBA on virtualization servers.

The cluster 100 also includes a port identifier management tool 140. In the illustrated example, the port identifier management tool is implemented on each of the separate nodes as a wwpn manager 121 and a wwpn manager 131. Wwpn manager 121 runs on node 120 and wwpn manager 131 runs on node 130 to execute the operations of port identifier management tool 140. (In other embodiments, the port identifier management tool is implemented on a single node, such as a master node for the cluster, or on a device separate from the cluster nodes.)

In one implementation, port identifier management tool 140 uses NPIV operations to handle the assignment and reassignment of wwpn identifiers on the various HBAs in a cluster. Port identifier management tool 140 provides capabilities of re-assigning port identifiers to the communications ports on the nodes in the cluster. The port identifier management tool can, in various implementations, assign multiple wwpn identifiers to a single HBA. These capabilities may be used to streamline failover operations, as described below.

The storage array includes two target ports 151 and 152. Target port 151 provides a communications port and a storage controller on storage array 150, and connects with paths 111 and 113. Target port 152 provides a communications port and a storage controller on storage array 150, and connects with paths 112 and 114. In this example, storage array 150 includes three logical units: a logical unit 155, a logical unit 156, and a logical unit 157. In this example, each of the target ports 151 and 152 can access each of the three logical units 155, 156, and 157.

In the example described above, each node has two HBAs, and the storage array has two target ports. In other implementations, different numbers of ports may be used on the nodes and storage arrays.

The multiple paths 111, 112, 113, and 114 provide flexibility in the communications between the nodes and the storage array. This flexibility may be used, for example, to provide load balancing. Thus, node 120 may assign some data streams to HBA 122 and other data streams to HBA 123. These assignments may be made in an effort to balance or best utilize the available capacity of the corresponding paths 111 and 112. The flexibility afforded by the multiple paths may also be used to provide some fail-safe redundancy. In the event of a failure of path 111, node 120 may switch the data streams that were carried on that path so that they are carried instead on path 112. Similar load balancing and fail-safe considerations may also be handled by node 130. The management and coordination of such multiple path communications may be managed by system software running on node 120. For example, Veritas Volume Manager™ with Dynamic Multipathing (DMP) provides tools for coordinating multipath communications.

In a clustered computing environment, the operations of the clustered nodes are preferably coordinated so that the nodes work together to execute the desired operations. Cluster 100 includes a cluster LAN 160 to facilitate communication among the nodes in the cluster. Nodes 120 and 130 may communicate with each other over LAN 160 to manage computational tasks. For example, nodes 120 and 130 may cooperate to process data stored on logical unit 155 that is related to a protein-folding problem. The nodes may similarly cooperate to process data stored on logical unit 157 for billing statements. The communications between the nodes on LAN 160 can be used to divide the tasks so that each node works on separate portions of the protein-folding data on logical unit 155, and so that each node works on separate portions of the billing data on logical unit 157. The nodes may also coordinate efforts so that several nodes work together on the same portions, or overlapping portions, of data in a productive manner. This cluster-wide coordination can be used to enhance the efficiency of the cluster's operation. The coordination can also prevent corruption of the data, which may occur if each of the nodes were to modify data in the logical units independently, without heeding the modifications that being performed by their companion nodes.

Fencing is a procedure to avoid undesirable access to data by nodes that are not participating in a coordinated operation on the data. Fencing can be used to protect stored data from the inadvertent corruption that can occur when multiple nodes attempt to simultaneously modify the data in an uncoordinated manner. Cluster 100 implements fencing by storing a list of registered keys for each of the logical units. The keys are stored in storage array 150. Each registered key indicates a port identifier such as a WWPN for an approved HBA in the nodes. To enforce the fencing procedure, the storage array allows access to a given logical unit only from HBAs that bear the identifiers associated with the registered keys for that logical unit. Schemes such as this may be called persistent registration schemes. The registered keys persist as indicators of the allowed HBAs until they are deliberately modified by appropriate commands when needed.

As an example, FIG. 1 shows that logical unit 155 has a key registry 165 in which two keys are registered. These keys, which may be tokens or data records or other indicators stored in the storage array, indicate that logical unit 155 will accept communications from an HBA only if the HBA has a port identifier of “wwpn-1” or “wwpn-3.” In the illustrated example, “wwpn-1” is the port identifier assigned to HBA 122, and “wwpn-3” is the port identifier assigned to HBA 132. Thus, the fencing operations of storage array 150 will permit access to logical unit 155 by node 120 through HBA 122, and by node 130 through HBA 132. Other HBAs (e.g. 123 and 133) would be “fenced off” from accessing logical unit 155.

Similarly, logical unit 156 has a key registry 166 in which one key—corresponding to “wwpn-2”—is registered, and logical unit 157 has a key registry 167 in which two keys—corresponding to “wwpn-1” and “wwpn-4”—are registered. The “wwpn-2” and “wwpn-4” identifiers are assigned to HBAs 123 and 133, respectively. Thus, it can be seen from the figure that the fencing operations of storage array 150 will permit access to logical unit 156 by node 120 through HBA 123. Similarly, the fencing operations will permit access to logical unit 157 by node 120 through HBA 122, and by node 130 through HBA 133.

In this description, labels such as “wwpn-2” have been used to simplify the discussion. In this implementation, a port identifier such as “wwpn-1” represents an identifier, such as a 64-bit WWPN address, that is stored in or otherwise bound to an HBA on a node. Where a label such as “wwpn-1” appears in a key registry (e.g., 165), it indicates a digital key that has been directly or indirectly associated with the 64-bit WWPN address. The presence of a digital key in a key registry means that an HBA (or other port) with the associated port address is permitted to access the logical unit (e.g., 155) supported by that key registry.

It is contemplated that various types of access can be managed by the key registries. In a simple example, only the registered HBAs for a logical unit can read, write, or otherwise access that logical unit. All other logical units are completely denied access to that HBA. In this configuration, the situation shown in FIG. 1 would allow read and write access to logical unit 155 only through HBAs 122 and 132; HBAs 123 and 133 would be denied any access to logical unit 155. In another configuration, the “access” managed by the fencing operations may be only write access. In such a configuration, all the HBAs would be allowed read access to all of the logical units, but only the registered HBAs would be able to write to the various logical units. In yet other configurations, the fencing operations may provide various combinations of access to each of the HBAs.

In the event that one of the paths fails, a node may switch communications to use an alternate path instead of the failed path. The failover operations involved in such a recovery generally need to be done in a way that does not clash with any fencing measures that are in effect. For example, consider a situation in which a hardware failure disables path 111. In response to the failure, node 120 may redirect its communications with the storage array so that all communications are carried by the remaining path 112. Any data streams that were being sent over path 111 will then be sent instead over path 112. However, path 112 is connected to node 120 through HBA 123, which is not registered on logical unit 155. The fencing operations would therefore prevent HBA 123 from accessing logical unit 155.

One approach to overcoming this fencing issue is to update the registry 165 for logical unit 155 to include a registration key for “wwpn-2”—the port identifier of HBA 123. Depending on the implementation, the updating may also require that the registration key for “wwpn-1” be deleted from registry 165, since the corresponding HBA 122 is no longer in use. Similar updates will also be required for registry 167, which would also need a registration key for “wwpn-2.” This approach to performing failovers in a cluster environment with persistent registration thus involves updating the registered keys as part of the failover process. This updating can be time consuming, especially in clusters with larger numbers of components than the simple situation shown in FIG. 1. Depending on the location of the failure in a network topology, many nodes and many storage arrays may be affected, and each storage array may have a large number of affected logical units. Updates will be needed for each of the affected logical units, and each of the affected logical units will need to be updated with registration keys for each of the affected nodes. This updating can be cumbersome and time consuming, and may substantially hinder a quick recovery from a path failure.

An alternate approach to coordinating a failover with a persistent registration scheme involves leaving the registration keys unchanged in response to a path failure. Instead of updating the registration keys on the storage arrays, this alternate approach updates the port identifiers on the nodes in the cluster. An example of this approach is illustrated in FIG. 2.

FIG. 2 shows an example of a response by cluster 100 to a path failure. In this example, path 111 has failed, as indicated by an outage 201. As a result of the path failure, node 120 is unable to reach the storage array through HBA 122, which was connected to path 111. In response, node 120 initiates a failover procedure. As discussed below, the failover procedure will be a coordinated cluster-wide failover. The goal of this failover is to restore communications by redirecting the communications streams previously handled by path 111 so that they are handled instead by path 112.

To prevent the redirected communications streams from being rejected by the storage array, it is necessary to ensure that HBA 123 (connected to path 112) is allowed to communicate with the appropriate logical units. HBA 123 originally had a port identifier of “wwpn-2,” which was not registered with either logical unit 155 or with logical unit 157. Instead of updating the registries on these logical units, the approach depicted in FIG. 2 revises the information in the port identifier modules on the nodes. Thus, the port identifier module 102 for HBA 123 is updated to include “wwpn-1” as well as the original “wwpn-2.” By including “wwpn-1” among the identifiers for HBA 123, the failover process makes HBA 123 an allowed HBA for accessing logical units 155 and 157, which were previously accessed by HBA 122.

The revisions to the port identifier modules are made by port identifier management tool 140. More specifically, in the illustrated example, the contents of port identifier module 102 are modified by wwpn manager 121 to include the identifier “wwpn-1.” Wwpn manager 121 may also be used to remove the port identifier “wwpn-1” from port identifier module 101, as illustrated, to preserve the uniqueness of the port identifiers.

Additional measures may be taken when a failure affects paths to an A/P storage array. As illustrated in FIG. 2, the wwpn manager 131 on node 130 modifies the contents of the port identifier modules 103 and 104. This additional modification deletes the port identifier “wwpn-3” from port identifier module 103 and adds this port identifier to port identifier module 104. This additional measure may be necessary despite the fact that none of the paths that serve node 130 (paths 113 and 114) are directly affected by the outage 201. The reason can be seen from the geometry of the connections between the nodes and the storage array. Node 130 could, in principle, continue to access logical unit 155 through path 113, which has not been affected by outage 201. However, if path 113 were to be used for access to logical unit 155, the result would be that logical unit 155 would be actively accessed through two different target ports: node 120 would start to use target port 152 (connected to HBA 123 via path 112) to access to logical unit 155, while node 130 would continue to use target port 151 (connected to HBA 132 via path 113). As a result, logical unit 155 would be actively accessed by the two different storage controllers in the two different target ports 151 and 152. This situation involves a trespass usage of a passive storage controller on the A/P storage array, which can substantially degrade the performance of storage array 150. Various cache-management and communication overhead issues arise when an A/P storage array accesses a logical unit contemporaneously through two different storage controllers.

To ensure that logical unit 155 is accessed only through a single storage controller, wwpn manager 131 carries out an additional measure of moving the port identifier “wwpn 3” from port identifier module 103 to port identifier module 104. Node 130 also redirects its communications with the storage array so that all communications to logical unit 155 are carried by path 114, which connects HBA 133 (now labeled with “wwpn-3” and with “wwpn-4”) to target port 152.

In the resulting situation, communication proceeds between node 120 and logical unit 155 via path 112. Communication also proceeds between node 130 and logical unit 155 via path 114. In both cases, logical unit 155 is accessed through paths that use only target port 152, and do not use target port 151. This situation thus avoids the cache-management and communication overhead issues that can degrade the performance of an A/P storage array.

The failover operation in the example of FIG. 2 does not require any modification of the registries 165, 166, and 167. This aspect of the operation may provide a benefit of a simplified or accelerated failover, since it reduces or eliminates the need for updating the registries in a persistent registration scheme.

In addition, the operation in FIG. 2 may be carried out without requiring more than one registration per node at any time for each logical unit. This feature differs from the situation in other approaches, where make-before-break registrations are made in registries to perform a failover. In such failovers, a node registers a new HBA in a logical unit's registry before deleting an old HBA from the registry. This scenario incurs some risk of a trespass during the brief time in which both HBAs are simultaneously registered for the logical unit. The operations discussed with respect to FIG. 2 may avoid such issues, since only one HBA is registered per node at any time for each logical unit.

Still further, the operations from FIG. 2 may reduce a risk of a failover operation clashing with a fencing operation. An alternate approach to failover involves a node detecting a failure, establishing a new path to a logical unit, and updating the registry of the logical unit through the new path. If by chance this node is being fenced out at the same time, then there is a risk that the node may inadvertently defeat the fencing by establishing a new registration key through the new path. The failover operations in FIG. 2 can mitigate this risk by limiting a node to use only one registration key for each logical unit. In some implementations, this aspect of the operations in FIG. 2 can reduce or eliminate the need to check for defeated fencing. Such checks typically involve additional checks of registered keys and additional key removal operations; avoiding these checks and removals may additionally streamline the failover process.

Still further, the failover operation in FIG. 2 may allow for more efficient use of registration keys. In some implementations, logical units allow only a limited number of keys to be registered. For example, consider a situation where a storage array allows only 32 registration keys per logical unit. One approach to enabling all the HBAs on all the nodes to access a particular logical unit would be to register each of the HBAs be on the logical unit, with those registrations standing ready for use in case a failover is needed. However, this approach is an expensive use of registration keys. For example, if the nodes in a cluster each have four HBAs, then the maximum number of nodes that could access the logical device is 32/4=8 nodes. In contrast, the approach outlined in the discussion of FIG. 2 would allow 32 nodes to register; each node would need only one registration key that would be shared, as needed, among all the HBAs on the node.

The failover operation presented in FIG. 2 involves responses both by node 120 and by node 130. To maintain a single active port on A/P storage array 150, both nodes need to redirect all or some of their data traffic through a different HBA. Both nodes thus need to modify contents of port identifier modules on their HBAs. As a result, this failover is a cluster-wide coordinated operation. The failover is coordinated among the nodes of the cluster through control messages transmitted over LAN 160.

In some situations, it is possible that a failover need not be performed on a cluster wide basis. Instead, some path failures may be addressed by a local single-node response. Some examples include situations where a path failure only affects a logical unit that is accessed by only a single node, or where a path failure only impacts logical units on active-active storage arrays (varieties of which are not affected by trespass issues) coupled to a single node. Another example of such a situation is presented in FIG. 3.

FIG. 3 shows another example of a computing cluster 300. In this implementation, a SAN 310 with a central switch 315 is used in place of the SAN 110 from FIGS. 1 and 2. In this implementation, the target ports 151 and 152 are not connected directly to the nodes 120 and 130. Instead, target port 151 is connected to switch 315 through a link 316 and target port 152 is connected to switch 315 through a link 317. Switch 315 is connected to HBAs 122, 123, 132, and 133 through links 311, 312, 313, and 314, respectively.

This figure shows a response to a failure of link 311. The failure is indicated by an outage 301. In response, node 120 moves the port identifier “wwpn 1” from port identifier module 101 to port identifier module 102. Node 120 also redirects its communications with the storage array so that all communications to storage array 150 are carried by a path from HBA 123 that includes link 312, switch 315, and link 316. Note that this pathway terminates at target port 151. Thus, the failover in response to outage 301 does not involve a change in the target port. As a result, there is no need to follow up with a corresponding adjustment to target ports used by any other nodes in cluster 300. In this example, the port identifiers “wwpn-3” and “wwpn-4” on node 130 remain assigned to HBAs 132 and 133, respectively. (It will be appreciated by a skilled artisan that adjustments on node 130 could indeed be necessary in cluster 300 if the outage had affected some other links, such as link 316, instead of link 311.)

FIG. 4 illustrates a situation of a “split-brain” problem. In this situation, coordination among the nodes in a cluster has been lost. In the illustrated example, this loss arises from a failure of LAN 160, as indicated by an outage 401. As a result, the nodes in this situation are unable to coordinate processing operations and access to the various logical units. To protect the integrity of the operations and the integrity of the data on the storage array, the fencing mechanisms are invoked by a master node in the cluster. The master node is generally a designated node that is assigned to oversee the coordination of the cluster and to isolate nodes from the cluster if they are for some reason unable to participate in coordinated activities. For example, in the example of FIG. 4, node 130 is the designated master node. Because of outage 401, node 120 is no longer able to coordinate operations with master node 130. Upon detecting the loss of communication with node 120, the master node 130 uses the fencing operations of the storage array to revise the key registries 165, 166, 167 to prevent uncoordinated access to the corresponding logical units. In particular, the master node fences off node 120 by revoking the keys for “wwpn-1” (HBA 122) from registries 165 and 167. These revocations prevent uncoordinated duplicative access to logical units 155 and 157, which are being accessed by node 130. After the revocation, only node 130 has access to these logical units; the uncoordinated node 120 has been fenced off from these logical units. (Node 120 may additionally be fenced off from logical unit 156. Alternatively, node 120 may continue to be allowed access to logical unit 156, as shown in FIG. 4, if node 120 is the only node operating on data in logical unit 156.)

The operations for responding to the split-brain situation in FIG. 4 involve updating the persistent registration information for storage array 150. Cluster 100 responds to outage 401 in a manner different than was used for outage 201 in the discussion of FIG. 2. In response to the outage 201 from FIG. 2, cluster 100 modified the contents of the port identifier modules 101, 102, 103, and/or 104 in the nodes. In contrast, the response to outage 401 involves updates made to the registries 165, 166, and/or 167 in the storage array. In this example, cluster 100 thus includes the ability to respond with either a node-side or storage array-side update of information in response to a path failure.

FIG. 5 shows an example of a method 500 for performing a single-node failover using tools to reassign port identifiers. The method commences in act 510, where a node in a cluster assigns a WWPN identifier (or other port identifier, such as a MAC address) to one of the communications ports (such as an HBA unit) on the node. In this example, the node needs to communicate with a logical unit (LUN) on an A/P storage array that is protected by a persistent registration fencing scheme. In order to allow this communication with the LUN, in act 520 the cluster registers the WWPN identifier from act 510 in a registry for the LUN. In act 530, the node then communicates with the LUN. The communication is carried through a path that includes the communications port on the node with the WWPN identifier, a target communications port on the A/P storage array, and at least one intermediate link between these end-point communication ports. The path may additionally include intermediate devices and additional links, and may be implemented in a Fibre Channel SAN.

In act 540, a failure is detected in the path that was used for communication in act 530. In response to the failure, the cluster de-assigns the WWPN identifier from the communications port on the node (act 570), and re-assigns the WWPN identifier to a second communications port on the node (act 580). The second communications port is selected as a port that is not impacted by the failure. In act 590, the node then communicates with the LUN through a second path that includes the second communications port on the node, the target communications port on the A/P storage array, and at least one intermediate link that provides routing around the failure.

FIG. 6 shows an example of a method 600 for performing a cluster-wide failover using tools to reassign port identifiers. In this example, several nodes in the cluster need to communicate with a particular LUN on an A/P storage array. The method commences in act 610, where each of the several nodes assigns a WWPN identifier (or other port identifier, such as a MAC address) to a first one of the communications ports (such as an HBA unit) on that node. The WWPN identifiers are unique; that is, they serve as non-ambiguous or distinct identifiers for the first ports on the several nodes. In act 620 the cluster registers the appropriate WWPN identifiers from act 610 in the registry for the LUN. In act 630, the several nodes then communicate in a coordinated manner with the LUN. The communication is carried through several paths, each of which includes a corresponding first communications port on one of the several nodes, a target communications port on the A/P storage array, and at least one intermediate link between these end-point communication ports. The various paths may additionally include intermediate devices and additional links, and may be implemented in a Fibre Channel SAN.

In act 640, a failure is detected in at least one of the paths from act 630. In response, the cluster examines the failure in act 642. The examination may consider features such as the topology of a communications network that carries the paths from act 630, and such as the location of the failure within that topology. Based on the examination, a decision is made in act 644 whether a single-node failover is adequate to address the failure, or whether a coordinated cluster-wide failover is needed to address the failure.

If a single-node failure is deemed adequate in act 644, then control proceeds to act 652, in which a failover is performed on only one of the nodes among the several nodes that communicate with the LUN. This failover commences in act 672, which de-assigns the WWPN identifier from the first communications port on the node. In act 682, the WWPN identifier is re-assigned to a second port on that node.

If a cluster-wide failure is deemed necessary in act 644, then control proceeds to act 651, in which a coordinated failover is performed on the several nodes that communicate with the LUN. This coordinated failover commences in act 660, in which a master node is alerted to the failure. The master node sends failover instructions in act 665 to the several nodes that communicate with the LUN. In act 670, in response to the failover instructions, each of the several nodes de-assigns the corresponding WWPN identifier from the first communications port on the node. In act 680, in response to the failover instructions, each of the several nodes assigns the corresponding WWPN identifier to a second communications port on the node.

In act 690, each of the updated nodes resumes communication with the LUN through a second path that include the second communications port, the target communications port on the A/P storage array, and at least one intermediate links that provides routing around the failure.

A variety of alternative implementations are contemplated for the foregoing systems and methods. For example, in various implementations of method 600, act 660 may be performed prior to act 642, so that the master node can participate in the examination of the failure. As another example, various implementations of method 600 may avoid the examination process by always performing cluster-wide failovers instead of considering the opportunity to perform single-node failovers. Such a variation may eliminate acts 642, 644, 652, 672, and 682.

FIG. 7 is a block diagram of one implementation of a computer system 700 that may be used for one or more of the techniques described herein. For example, the computer system 700 may be used to implement one of the previously described devices 120, 130, 150, or 315. The computer system 700 may include a processor 710 and a memory 720 coupled together by a communications bus 705. The processor 710 may be a single processor or a number of individual processors working together. It is also contemplated that the processor 710 may be one or more virtual processors usable with interpreted languages. The memory 720 may be a random access memory (RAM) or some other dynamic storage device and may be capable of storing instructions to be executed by the processor, e.g., an operating system 722 and applications 724, as well as database data 726. The operating system 722 may include software for implementing a file system, managing a multipath storage system, carrying out master node operations in a node cluster, coordinating cluster interactions, or managing port identifiers, or combinations thereof, among others. The applications 724 may include computational applications, accounting software, email servers, database servers, archiving software, interfaces to archiving software, API modules, storage format management software, volume replicators, backup software, encryption software, hashing software, CDP software, user interfaces, or combinations thereof, among others. The memory 720 may also be used for storing temporary variables or other intermediate information during the execution of instructions by the processor 710.

The computer system 700 may also include devices such as a keyboard and mouse 750, a SCSI interface 752, one or more network interfaces 754, a graphics and display 756, a hard disk 758, and a CD-ROM 760, all of which are coupled to the processor 710 by a communications bus 707. It will be apparent to those having ordinary skill in the art that the computer system 700 may also include numerous elements not shown in the figure, such as additional storage devices, communications devices, input devices and output devices, as illustrated by the ellipsis shown.

FIGS. 1-6 illustrate some of the many operational examples of the techniques disclosed in the present application. Those having ordinary skill in the art will readily recognize that certain steps or operations described herein may be eliminated or taken in an alternate order. Moreover, the operations discussed with respect to FIGS. 1-6 may be implemented as one or more software programs for a computer system and encoded in a computer readable medium as instructions executable on one or more processors. The computer readable medium may include a solid-state storage medium, a magnetic storage medium, or an optical storage medium, or combinations thereof. The software programs may also be carried in a communications medium conveying signals encoding the instructions. Separate instances of these programs may be executed on separate computer systems. Thus, although certain steps have been described as being performed by certain devices, software programs, processes, or entities, this need not be the case and a variety of alternative implementations will be understood by those having ordinary skill in the art.

Additionally, those having ordinary skill in the art will readily recognize that the techniques described above may be utilized with a variety of different storage devices and computing systems with variations in, for example, the number of servers or nodes and the types of operation of the computing system, e.g., various forms of port identifier management, various forms of cluster coordination, various forms of multipath management, or various forms of failover operations, among others.

Those having ordinary skill in the art will readily recognize that the techniques and methods discussed above may be implemented in software using a variety of computer languages, including, for example, traditional computer languages such as assembly language, Pascal, and C; object oriented languages such as C++, C#, and Java; and scripting languages such as Perl and Tcl/Tk. Additionally, the software 722 or 724 may be provided to the computer system via a variety of computer readable media including electronic media (e.g., flash memory), magnetic storage media (e.g., hard disk 758, a floppy disk, etc.), or optical storage media (e.g., CD-ROM 760). Communications media conveying signals encoding the instructions may also be used to provide the software 722 or 724 (e.g., via a network coupled to the network interface 754).

Although the present invention has been described in connection with several embodiments, the invention is not intended to be limited to the specific forms set forth herein. On the contrary, it is intended to cover such alternatives, modifications, and equivalents as can be reasonably included within the scope of the invention as defined by the appended claims.

Claims (20)

What is claimed is:
1. A method comprising:
performing a fencing operation wherein
the fencing operation comprises
storing a registered key associated with a logical unit in a storage array, wherein
the registered key indicates a port identifier for a host bus adapter in a node of a cluster of nodes, and
permitting the storage array to access the logical unit only from the host bus adapter that bears an identifier associated with the registered key associated with the logical unit;
determining whether a failure of a path occurs during performance of the fencing operation, wherein
a single-node failover would defeat the fencing operation; and
performing a failover operation without defeating the fencing operation, wherein performing the failover operation comprises
limiting the node to using the registered key for the logical unit.
2. The method of claim 1, further comprising:
detecting the failure of the path during performance of the fencing operation;
examining a location of the failure with regard to a topology of network paths; and
in response to the examining of the failure, determining whether the single-node failover is adequate to address the failure without defeating the fencing operation.
3. The method of claim 2, further comprising:
in response to the determination that the single-node failover is not adequate to address the failure without defeating the fencing operation,
updating port assignments in each node of the cluster of nodes other than the node with the host bus adapter, and
updating a registry for the logical unit to include the registered key associated with the logical unit.
4. The method of claim 1, wherein
determining whether the failure of the path occurs during performance of the fencing operation comprises
sharing the registered key for the logical unit among the cluster of nodes.
5. The method of claim 1, wherein
performing the failover operation without defeating the fencing operation further comprises
deleting, from a registry for the logical unit, the registered key bearing an indicator of the host bus adapter.
6. The method of claim 5, wherein
performing the failover operation without defeating the fencing operation further comprises
revising information in the port identifier to include an updated registered key for another logical unit and preserving the registered key for the logical unit, and
permitting the host bus adapter to access both the another logical unit and the logical unit based on the revised information in the port identifier.
7. The method of claim 1, wherein
performing the failover operation further comprises
detecting failure of the path by the node,
examining the failure,
in response to the examining, determining whether a cluster-wide failover is necessary to address the failure,
establishing a new path to the logical unit, and
if the fencing operation is being performed at a same time as the cluster-wide failover, limiting the cluster of nodes to using the registered key for the logical unit.
8. The method of claim 7, wherein
the cluster-wide failover is coordinated among the cluster of nodes through a plurality of control messages transmitted over a local area network.
9. The method of claim 8, further comprising:
designating a master node of the cluster of nodes, wherein
the master node is configured to maintain coordination among the cluster of nodes during the failover operation, and
upon detecting a loss of communication among the cluster of nodes during the cluster-wide failover, use the fencing operation to prevent uncoordinated access to the logical unit by revoking the registered key associated with the logical unit.
10. A non-transitory computer readable storage medium comprising program instructions executable to:
perform a fencing operation, wherein
the fencing operation comprises
storing a registered key associated with a logical unit in a storage array, wherein
the registered key indicates a port identifier for a host bus adapter in a node of a cluster of nodes, and
permitting the storage array to access the logical unit only from the host bus adapter that bears an identifier associated with the registered key associated with the logical unit;
determine whether a failure of a path occurs during performance of the fencing operation, wherein
a single-node failover would defeat the fencing operation; and
perform a failover operation without defeating the fencing operation, wherein performing the failover operation comprises
limiting the node to using the registered key for the logical unit.
11. The non-transitory computer readable storage medium of claim 10, further comprising:
detecting the failure of the path during performance of the fencing operation;
examining a location of the failure with regard to a topology of network paths; and
in response to the examining of the failure, determining whether the single-node failover is adequate to address the failure without defeating the fencing operation.
12. The non-transitory computer readable storage medium of claim 11, further comprising:
in response to the determination that the single-node failover is not adequate to address the failure without defeating the fencing operation,
updating port assignments in each node of the cluster of nodes other than the node with the host bus adapter, and
updating a registry for the logical unit to include the registered key associated with the logical unit.
13. The non-transitory computer readable storage medium of claim 10, wherein
determining whether the failure of the path occurs during performance of the fencing operation comprises
sharing the registered key for the logical unit among the cluster of nodes; and
performing the failover operation without defeating the fencing operation further comprises
deleting, from a registry for the logical unit, the registered key bearing an indicator of the host bus adapter,
revising information in the port identifier to include an updated registered key for another logical unit and preserving the registered key for the logical unit, and
permitting the host bus adapter to access both the another logical unit and the logical unit based on the revised information in the port identifier.
14. The non-transitory computer readable storage medium of claim 10, wherein
performing the failover operation further comprises
detecting failure of the path by the node,
examining the failure,
in response to the examining, determining whether a cluster-wide failover is necessary to address the failure, wherein
the cluster-wide failover is coordinated among the cluster of nodes through a plurality of control messages transmitted over a local area network,
establishing a new path to the logical unit, and
if the fencing operation is being performed at a same time as the cluster-wide failover, limiting the cluster of nodes to using the registered key for the logical unit.
15. The non-transitory computer readable storage medium of claim 14, further comprising:
designating a master node of the cluster of nodes, wherein
the master node is configured to maintain coordination among the cluster of nodes during the failover operation, and
upon detecting a loss of communication among the cluster of nodes during the cluster-wide failover, use the fencing operation to prevent uncoordinated access to the logical unit by revoking the registered key associated with the logical unit.
16. A system comprising:
one or more processors; and
a memory coupled to the one or more processors, wherein the memory stores program instructions executed by the one or more processors to:
perform a fencing operation, wherein
the fencing operation comprises
storing a registered key associated with a logical unit in a storage array, wherein
the registered key indicates a port identifier for a host bus adapter in a node of a cluster of nodes, and
permitting the storage array to access the logical unit only from the host bus adapter that bears an identifier associated with the registered key associated with the logical unit;
determine whether a failure of a path occurs during performance of the fencing operation, wherein
a single-node failover would defeat the fencing operation; and
perform a failover operation without defeating the fencing operation, wherein performing the failover operation comprises
limiting the node to using the registered key for the logical unit.
17. The system of claim 16, further comprising:
detecting the failure of the path during performance of the fencing operation;
examining a location of the failure with regard to a topology of network paths;
in response to the examining of the failure, determining whether the single-node failover is adequate to address the failure without defeating the fencing operation; and
in response to the determination that the single-node failover is not adequate to address the failure without defeating the fencing operation,
updating port assignments in each node of the cluster of nodes other than the node with the host bus adapter, and
updating a registry for the logical unit to include the registered key associated with the logical unit.
18. The system of claim 16, wherein
determining whether the failure of the path occurs during performance of the fencing operation comprises
sharing the registered key for the logical unit among the cluster of nodes; and
performing the failover operation without defeating the fencing operation further comprises
deleting, from a registry for the logical unit, the registered key bearing an indicator of the host bus adapter,
revising information in the port identifier to include an updated registered key for another logical unit and preserving the registered key for the logical unit, and
permitting the host bus adapter to access both the another logical unit and the logical unit based on the revised information in the port identifier.
19. The system of claim 16, wherein
performing the failover operation further comprises
detecting failure of the path by the node,
examining the failure,
in response to the examining, determining whether a cluster-wide failover is necessary to address the failure, wherein
the cluster-wide failover is coordinated among the cluster of nodes through a plurality of control messages transmitted over a local area network,
establishing a new path to the logical unit, and
if the fencing operation is being performed at a same time as the cluster-wide failover, limiting the cluster of nodes to using the registered key for the logical unit.
20. The system of claim 19, further comprising:
designating a master node of the cluster of nodes, wherein
the master node is configured to maintain coordination among the cluster of nodes during the failover operation, and
upon detecting a loss of communication among the cluster of nodes during the cluster-wide failover, use the fencing operation to prevent uncoordinated access to the logical unit by revoking the registered key associated with the logical unit.
US14/252,059 2007-03-30 2014-04-14 Port identifier management for path failover in cluster environments Active 2028-05-23 US9647933B1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US11/731,854 US7778157B1 (en) 2007-03-30 2007-03-30 Port identifier management for path failover in cluster environments
US12/856,994 US8699322B1 (en) 2007-03-30 2010-08-16 Port identifier management for path failover in cluster environments
US14/252,059 US9647933B1 (en) 2007-03-30 2014-04-14 Port identifier management for path failover in cluster environments

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US14/252,059 US9647933B1 (en) 2007-03-30 2014-04-14 Port identifier management for path failover in cluster environments

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US12/856,994 Continuation US8699322B1 (en) 2007-03-30 2010-08-16 Port identifier management for path failover in cluster environments

Publications (1)

Publication Number Publication Date
US9647933B1 true US9647933B1 (en) 2017-05-09

Family

ID=42555821

Family Applications (3)

Application Number Title Priority Date Filing Date
US11/731,854 Active 2028-09-11 US7778157B1 (en) 2007-03-30 2007-03-30 Port identifier management for path failover in cluster environments
US12/856,994 Active 2028-10-06 US8699322B1 (en) 2007-03-30 2010-08-16 Port identifier management for path failover in cluster environments
US14/252,059 Active 2028-05-23 US9647933B1 (en) 2007-03-30 2014-04-14 Port identifier management for path failover in cluster environments

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US11/731,854 Active 2028-09-11 US7778157B1 (en) 2007-03-30 2007-03-30 Port identifier management for path failover in cluster environments
US12/856,994 Active 2028-10-06 US8699322B1 (en) 2007-03-30 2010-08-16 Port identifier management for path failover in cluster environments

Country Status (1)

Country Link
US (3) US7778157B1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160292056A1 (en) * 2015-03-31 2016-10-06 Emc Corporation Failover in a san environment
US10168903B2 (en) * 2016-11-22 2019-01-01 Netapp, Inc. Methods for dynamically managing access to logical unit numbers in a distributed storage area network environment and devices thereof

Families Citing this family (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090265449A1 (en) * 2008-04-22 2009-10-22 Hewlett-Packard Development Company, L.P. Method of Computer Clustering
US8041987B2 (en) * 2008-11-10 2011-10-18 International Business Machines Corporation Dynamic physical and virtual multipath I/O
US8274881B2 (en) * 2009-05-12 2012-09-25 International Business Machines Corporation Altering access to a fibre channel fabric
JP4972670B2 (en) * 2009-06-05 2012-07-11 株式会社日立製作所 Virtual computer system, access control method thereof, and communication apparatus
US8706905B1 (en) * 2009-08-24 2014-04-22 Qlogic, Corporation Method and system for routing information in a network
US8074101B1 (en) * 2009-10-29 2011-12-06 Symantec Corporation Systems and methods for handling path failures to active-passive storage arrays
US8619555B2 (en) * 2010-11-17 2013-12-31 Netapp, Inc. Method and system for path selection in a network
US8958429B2 (en) * 2010-12-22 2015-02-17 Juniper Networks, Inc. Methods and apparatus for redundancy associated with a fibre channel over ethernet network
WO2012149714A1 (en) * 2011-08-25 2012-11-08 华为技术有限公司 Node controller link switching method, processor system and node
US9015371B1 (en) * 2012-03-01 2015-04-21 Symantec Corporation Method to discover multiple paths to disk devices cluster wide
US9071631B2 (en) 2012-08-09 2015-06-30 International Business Machines Corporation Service management roles of processor nodes in distributed node service management
US9678801B2 (en) 2012-08-09 2017-06-13 International Business Machines Corporation Service management modes of operation in distributed node service management
CN103795753A (en) * 2012-10-31 2014-05-14 中国移动通信集团四川有限公司 Method and system for achieving SAN network data equalized transmission
US9304875B2 (en) * 2012-11-30 2016-04-05 International Business Machines Corporation Dynamically tracking logical units moving between input/output ports of a storage area network target
US9830239B2 (en) 2013-01-30 2017-11-28 Hewlett Packard Enterprise Development Lp Failover in response to failure of a port
US9298566B2 (en) * 2013-04-17 2016-03-29 Hewlett Packard Enterprise Development Lp Automatic cluster-based failover handling
US10019203B1 (en) * 2013-05-30 2018-07-10 Cavium, Inc. Method and system for processing write requests
US8819317B1 (en) 2013-06-12 2014-08-26 International Business Machines Corporation Processing input/output requests using proxy and owner storage systems
US9779003B2 (en) 2013-06-12 2017-10-03 International Business Machines Corporation Safely mapping and unmapping host SCSI volumes
US9769062B2 (en) 2013-06-12 2017-09-19 International Business Machines Corporation Load balancing input/output operations between two computers
US9940019B2 (en) 2013-06-12 2018-04-10 International Business Machines Corporation Online migration of a logical volume between storage systems
US9274989B2 (en) 2013-06-12 2016-03-01 International Business Machines Corporation Impersonating SCSI ports through an intermediate proxy
US9274916B2 (en) 2013-06-12 2016-03-01 International Business Machines Corporation Unit attention processing in proxy and owner storage systems
US9882805B2 (en) * 2013-09-30 2018-01-30 Vmware, Inc. Dynamic path selection policy for multipathing in a virtualized environment
US9639437B2 (en) * 2013-12-13 2017-05-02 Netapp, Inc. Techniques to manage non-disruptive SAN availability in a partitioned cluster
US9852034B2 (en) * 2014-03-24 2017-12-26 International Business Machines Corporation Efficient high availability for a SCSI target over a fibre channel
US9354992B2 (en) * 2014-04-25 2016-05-31 Netapp, Inc. Interconnect path failover
CN105812415B (en) * 2014-12-30 2019-02-26 华为技术有限公司 Realize the method and storage system of load balancing
WO2016106682A1 (en) 2014-12-31 2016-07-07 华为技术有限公司 Post-cluster brain split quorum processing method and quorum storage device and system
CN106165367B (en) * 2014-12-31 2019-06-21 华为技术有限公司 A kind of access control method of storage device, storage device and control system
CN105045674B (en) * 2015-09-15 2018-11-20 浪潮(北京)电子信息产业有限公司 A kind of link switch-over method and system
US10341252B2 (en) 2015-09-30 2019-07-02 Veritas Technologies Llc Partition arbitration optimization
US10205782B2 (en) 2016-04-29 2019-02-12 Netapp, Inc. Location-based resource availability management in a partitioned distributed storage environment
US10437517B2 (en) 2018-02-15 2019-10-08 International Business Machines Corporation Enhanced soft fence of devices

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7272674B1 (en) * 2003-06-30 2007-09-18 Veritas Operating Corporation System and method for storage device active path coordination among hosts
US20080155315A1 (en) * 2006-09-28 2008-06-26 International Business Machines Corporation Method, computer program product, and system for limiting access by a failed node
US7516285B1 (en) * 2005-07-22 2009-04-07 Network Appliance, Inc. Server side API for fencing cluster hosts via export access rights

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6393483B1 (en) * 1997-06-30 2002-05-21 Adaptec, Inc. Method and apparatus for network interface card load balancing and port aggregation
US6421711B1 (en) * 1998-06-29 2002-07-16 Emc Corporation Virtual ports for data transferring of a data storage system
US20030005350A1 (en) * 2001-06-29 2003-01-02 Maarten Koning Failover management system
JP4651230B2 (en) 2001-07-13 2011-03-16 株式会社日立製作所 Storage system and access control method to logical unit
US7093265B1 (en) 2001-09-21 2006-08-15 Lsi Logic Corporation Method and apparatus for providing highly-transparent, host-based multi-pathing support
US20030154271A1 (en) 2001-10-05 2003-08-14 Baldwin Duane Mark Storage area network methods and apparatus with centralized management
US7007042B2 (en) * 2002-03-28 2006-02-28 Hewlett-Packard Development Company, L.P. System and method for automatic site failover in a storage area network
JP2003316522A (en) * 2002-04-26 2003-11-07 Hitachi Ltd Computer system and method for controlling the same system
US20030212785A1 (en) * 2002-05-08 2003-11-13 Jibbe Mahmoud K. System and method for isolating faulty connections in a storage area network
US7672226B2 (en) * 2002-09-09 2010-03-02 Xiotech Corporation Method, apparatus and program storage device for verifying existence of a redundant fibre channel path
US7401338B1 (en) 2002-09-27 2008-07-15 Symantec Operating Corporation System and method for an access layer application programming interface for managing heterogeneous components of a storage area network
US7606239B2 (en) 2003-01-31 2009-10-20 Brocade Communications Systems, Inc. Method and apparatus for providing virtual ports with attached virtual devices in a storage area network
US7293152B1 (en) 2003-04-23 2007-11-06 Network Appliance, Inc. Consistent logical naming of initiator groups
US7260737B1 (en) * 2003-04-23 2007-08-21 Network Appliance, Inc. System and method for transport-level failover of FCP devices in a cluster
JP4278444B2 (en) 2003-06-17 2009-06-17 株式会社日立製作所 Virtual port name management device
US20050080982A1 (en) 2003-08-20 2005-04-14 Vasilevsky Alexander D. Virtual host bus adapter and method
JP4415610B2 (en) 2003-08-26 2010-02-17 株式会社日立製作所 System switching method, replica creation method, and disk device
US7137031B2 (en) * 2004-02-25 2006-11-14 Hitachi, Ltd. Logical unit security for clustered storage area networks
US9491084B2 (en) * 2004-06-17 2016-11-08 Hewlett Packard Enterprise Development Lp Monitoring path connectivity between teamed network resources of a computer system and a core network
US7826380B2 (en) * 2005-03-30 2010-11-02 International Business Machines Corporation Apparatus, system, and method for data tracking
JP4710518B2 (en) * 2005-09-28 2011-06-29 株式会社日立製作所 Computer system and boot control method thereof
US7484021B2 (en) 2005-10-27 2009-01-27 Cisco Technology, Inc. Technique for implementing virtual fabric membership assignments for devices in a storage area network
US7478177B2 (en) * 2006-07-28 2009-01-13 Dell Products L.P. System and method for automatic reassignment of shared storage on blade replacement
US7953827B2 (en) 2006-10-31 2011-05-31 Dell Products L.P. System and method for dynamic allocation of information handling system network addresses

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7272674B1 (en) * 2003-06-30 2007-09-18 Veritas Operating Corporation System and method for storage device active path coordination among hosts
US7516285B1 (en) * 2005-07-22 2009-04-07 Network Appliance, Inc. Server side API for fencing cluster hosts via export access rights
US20080155315A1 (en) * 2006-09-28 2008-06-26 International Business Machines Corporation Method, computer program product, and system for limiting access by a failed node

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160292056A1 (en) * 2015-03-31 2016-10-06 Emc Corporation Failover in a san environment
US9996437B2 (en) * 2015-03-31 2018-06-12 EMC IP Holding Company LLC Failover in a san environment
US10168903B2 (en) * 2016-11-22 2019-01-01 Netapp, Inc. Methods for dynamically managing access to logical unit numbers in a distributed storage area network environment and devices thereof

Also Published As

Publication number Publication date
US7778157B1 (en) 2010-08-17
US8699322B1 (en) 2014-04-15

Similar Documents

Publication Publication Date Title
JP4859471B2 (en) Storage system and storage controller
US6904477B2 (en) Virtual host controller interface with multipath input/output
KR100232247B1 (en) Virtual shared disks with application-transparent recovery
US6789122B1 (en) Mechanism for reliable update of virtual disk device mappings without corrupting data
CA2406902C (en) Programmatic masking of storage units
US7181524B1 (en) Method and apparatus for balancing a load among a plurality of servers in a computer system
US6173413B1 (en) Mechanism for maintaining constant permissions for multiple instances of a device within a cluster
US6421787B1 (en) Highly available cluster message passing facility
JP5026283B2 (en) Collaborative shared storage architecture
KR100644011B1 (en) Storage domain management system
CN1290008C (en) Virtual networking system and method in processing system
CN101673283B (en) Management terminal and computer system
JP4815449B2 (en) System and method for balancing user workload in real time across multiple storage systems with shared backend storage
JP4733399B2 (en) Computer system, computer, storage device and management terminal
KR101107899B1 (en) Dynamic physical and virtual multipath i/o
US7437477B2 (en) SCSI-based storage area network having a SCSI router that routes traffic between SCSI and IP networks
CN100334534C (en) Methods and apparatus for implementing virtualization of storage within a storage area network
US6625747B1 (en) Computer storage system and failover method
US6760859B1 (en) Fault tolerant local area network connectivity
US8086895B2 (en) Management method and system for managing replication by taking into account cluster storage accessibility a host computer
US6732104B1 (en) Uniform routing of storage access requests through redundant array controllers
US6654830B1 (en) Method and system for managing data migration for a storage system
US8924499B2 (en) Operating system migration with minimal storage area network reconfiguration
US6826580B2 (en) Distributed storage resource management in a storage area network
US7734712B1 (en) Method and system for identifying storage devices

Legal Events

Date Code Title Description
AS Assignment

Owner name: VERITAS US IP HOLDINGS LLC, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SYMANTEC CORPORATION;REEL/FRAME:037693/0158

Effective date: 20160129

AS Assignment

Owner name: WILMINGTON TRUST, NATIONAL ASSOCIATION, AS COLLATE

Free format text: SECURITY INTEREST;ASSIGNOR:VERITAS US IP HOLDINGS LLC;REEL/FRAME:037891/0726

Effective date: 20160129

Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH

Free format text: SECURITY INTEREST;ASSIGNOR:VERITAS US IP HOLDINGS LLC;REEL/FRAME:037891/0001

Effective date: 20160129

AS Assignment

Owner name: VERITAS TECHNOLOGIES LLC, CALIFORNIA

Free format text: MERGER;ASSIGNOR:VERITAS US IP HOLDINGS LLC;REEL/FRAME:038483/0203

Effective date: 20160329

STCF Information on status: patent grant

Free format text: PATENTED CASE